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Security Threat to Key Extraction 
on Host-Migrated Cable Modem 
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Decryption Key handling 
in CCCM MAC chip 
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Key Material Register Bank 
in CM Media Access Controller (MAC) Chip 



SID# 



/ 



> * * a 
a 



cr> 




® 


=0 






CO 






CO 




® 


cO 






CO 




® 


CO 






cO 




® 


cO 






=3 






cO 




® 


=0 




® 


=0 






cO 






<=o 




<8> 



Key Material 



Current Key 



DES Key 



Init Vector 



Next Key 



DES Key 



tmt Vector 



\ 




Disable Key Writes 
for allSIDs 




Destroy keying matenal 
for that SID 



Disable key writes 
for that SID 



Rules Flow-Chart 




9° 



Disregard message 



-A 



$2° 



Process message 
norma) I v 



Pass TDES-encrypted 
keying material to host 
(for decryption) 



I 



Enable write of 
decrypted keying material 
from host to KMRB 
for this SID 



y— 



f(6r 




Disable key wntes 
for this SID 



CM = Cable Modem 

CMTS = CM Termination System (headend) 
SID - Service ID (datastream) 
TDES = Triple-DES 

KMRB = Keying Matenal Register Bank 
(in CM MAC chip) 
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